# Capability gate for the whole page: stop before any query runs unless the
# current user holds 'edit_posts'.
# NOTE(review): in WordPress's default role set 'edit_posts' is granted from
# Contributor upward, while the retired check kept below asked for ACCESS_ADMIN.
# Confirm every post editor is meant to add, change and delete rows here.
if (!current_user_can('edit_posts')) {
    die('not authorized');
}
// if (!pnSecAuthAction(0, 'CONTROL::', '::', ACCESS_ADMIN)) die('not authorized');
?>
include "funcs.php";
# Build the category ($tcatlist) and subcategory ($tsubcatlist) list fragments.
# NOTE(review): in this copy every literal below holds only newlines; the markup
# each entry presumably carried is not visible here, so check the deployed file.
# Neither variable is referenced again in the visible code. They are presumably
# interpolated into the form markup; if any entry ever comes from the database
# or the request, it needs HTML escaping before it is printed. Verify.
$tcatlist = "
\n";
$tcatlist .= "
\n";
$tcatlist .= "
\n";
$tcatlist .= "
\n";
$tcatlist .= "
\n";
$tsubcatlist = "
\n";
$tsubcatlist .= "
\n";
$tsubcatlist .= "
\n";
$tsubcatlist .= "
\n";
$tsubcatlist .= "
\n";
$tsubcatlist .= "
\n";
$tsubcatlist .= "
\n";
$tsubcatlist .= "
\n";
$tsubcatlist .= "
\n";
$tsubcatlist .= "
\n";
$tsubcatlist .= "
\n";
$tsubcatlist .= "
\n";
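# Request handler for one row of the `amazon` table, driven by the 'submit' field:
#   empty -> print the "$tstat bookshelf item" output (the row is loaded when 'id' is given)
#   set   -> run the DELETE, UPDATE or INSERT and report the outcome
#
# Every request value reaches MySQL as a bound parameter. The earlier version
# concatenated get_input() results into the statement text: 'id', 'category' and
# 'subcategory' went in unescaped, and the remaining fields relied on addslashes(),
# which is not a charset-aware SQL escaper.
#
# NOTE(review): no anti-CSRF token is verified before the writes below. If this
# page runs inside WordPress (current_user_can() suggests so), emit a nonce in the
# form with wp_nonce_field() and verify it with check_admin_referer() before any
# DELETE/UPDATE/INSERT. The form markup is not visible here, so this is not wired in.
if (get_input('submit') == '') {
    if (get_input('id') != '') {
        $tstat = "Update";
        $tdelbutton = "
";
        $tid = get_input('id');
        $SQL = "Select * from amazon where id = ?";
        $stmt = mysqli_prepare($theConnectioni, $SQL);
        $bound = $stmt && mysqli_stmt_bind_param($stmt, 's', $tid);
        if (!$bound || !mysqli_stmt_execute($stmt)) {
            // Keep driver detail in the server log; the response stays generic.
            error_log('amazon lookup failed: ' . mysqli_error($theConnectioni));
            die('database error');
        }
        // mysqli_stmt_get_result() needs the mysqlnd driver.
        $result = mysqli_stmt_get_result($stmt);
        $RS = $result ? mysqli_fetch_assoc($result) : null;
        if (!is_array($RS)) {
            // Unknown id: fall back to empty fields instead of reading offsets of null.
            $RS = array_fill_keys(
                array('posted', 'changed', 'category', 'subcategory', 'title', 'author', 'itemnumber', 'comments'),
                ''
            );
        }
        $tp = fqhtml($RS['posted']);
        $tc = fqhtml($RS['changed']);
        // NOTE(review): $tcat and $tsubcat are overwritten right after being read in
        // this copy; the literals presumably wrapped the value in markup. Confirm.
        $tcat = fqhtml($RS['category']);
        $tcat = "
";
        $tsubcat = fqhtml($RS['subcategory']);
        $tsubcat = "
";
        $ttitle = fqhtml($RS['title']);
        $tauthor = fqhtml($RS['author']);
        $titemnumber = fqhtml($RS['itemnumber']);
        $tcomments = fqhtml($RS['comments']);
    } else {
        $tstat = "Add";
    }
    print "
$tstat bookshelf item
";
} else {
    // Raw request values: bound parameters must not be pre-escaped, otherwise the
    // backslashes added by addslashes() would be stored as data.
    $tcategory = get_input('category');
    $tsubcategory = get_input('subcategory');
    $ttitle = get_input('title');
    $tauthor = get_input('author');
    $titemnumber = get_input('itemnumber');
    $tcomments = get_input('comments');
    $tid = get_input('id');

    if (get_input('submit') == 'DELETE It') {
        $SQL = "Delete from amazon Where id = ?";
        $stmt = mysqli_prepare($theConnectioni, $SQL);
        $bound = $stmt && mysqli_stmt_bind_param($stmt, 's', $tid);
        $tstat = 'Deleted';
    } elseif ($tid != '') {
        $SQL = "Update amazon SET changed = Now(), category = ?, subcategory = ?,
title = ?, author = ?, itemnumber = ?, comments = ?
WHERE id = ?";
        $stmt = mysqli_prepare($theConnectioni, $SQL);
        $bound = $stmt && mysqli_stmt_bind_param(
            $stmt,
            'sssssss',
            $tcategory,
            $tsubcategory,
            $ttitle,
            $tauthor,
            $titemnumber,
            $tcomments,
            $tid
        );
        $tstat = 'Updated';
    } else {
        $SQL = "Insert into amazon (posted,category,subcategory,title,author,itemnumber,comments) values (Now(), ?, ?, ?, ?, ?, ?)";
        $stmt = mysqli_prepare($theConnectioni, $SQL);
        $bound = $stmt && mysqli_stmt_bind_param(
            $stmt,
            'ssssss',
            $tcategory,
            $tsubcategory,
            $ttitle,
            $tauthor,
            $titemnumber,
            $tcomments
        );
        $tstat = 'Added';
    }

    $result = $bound && mysqli_stmt_execute($stmt);
    if (!$result) {
        // The failing statement used to be echoed to the browser via die("$SQL"),
        // exposing table and column names; log it server-side instead.
        error_log('amazon write failed: ' . mysqli_error($theConnectioni) . ' [' . $SQL . ']');
        die('database error');
    }

    // The title is request data echoed into the page, so it is HTML-escaped here.
    // Assumes get_input() returns the raw request value. TODO confirm, to avoid
    // double encoding if it already escapes.
    print "
".htmlspecialchars((string) get_input('title'), ENT_QUOTES, 'UTF-8')." was $tstat
";
    #note to us to proof book
    // Only $body carries request data; the header values are fixed strings. Keep
    // it that way if the mail() call is re-enabled, since request data placed in
    // a header would allow header injection.
    $from = "sloan@sloanadams.com";
    $to = "mark@transparentsolutions.com";
    $bcc = "\nBCC: mrkshrt@gmail.com";
    $subj = "Book added/changed to NRGinmotion, needs proofing";
    $body = "/sp.php/page=showbooks\n";
    $body .= "Title: ".get_input('title')."\n";
    $body .= "Author: ".get_input('author')."\n";
    $body .= "ItemNumber: ".get_input('itemnumber')."\n";
    // mail($to,$subj,$body,"From: $from$bcc\n","-f$from");
}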
?>